home: make sure whenever we touch the 'secret' part of a user record, we set the...

author Lennart Poettering <lennart@poettering.net>

Wed, 29 Apr 2020 14:25:52 +0000 (16:25 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 29 Apr 2020 14:32:46 +0000 (16:32 +0200)
author Lennart Poettering <lennart@poettering.net>
Wed, 29 Apr 2020 14:25:52 +0000 (16:25 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 29 Apr 2020 14:32:46 +0000 (16:32 +0200)
diff --git a/src/home/user-record-util.c b/src/home/user-record-util.c

index c4a0d95081496fa0f547614deb187fe17b3d60b1..430a952e6f7224087054d48f8ee2597fe49a4b92 100644 (file)
--- a/src/home/user-record-util.c
+++ b/src/home/user-record-util.c
@@ -840,6 +840,8 @@ int user_record_set_password(UserRecord *h, char **password, bool prepend) {
          if (r < 0)
                  return r;
  
+        json_variant_sensitive(w);
+
          r = json_variant_set_field(&h->json, "secret", w);
          if (r < 0)
                  return r;
@@ -900,6 +902,8 @@ int user_record_set_pkcs11_pin(UserRecord *h, char **pin, bool prepend) {
          if (r < 0)
                  return r;
  
+        json_variant_sensitive(w);
+
          r = json_variant_set_field(&h->json, "secret", w);
          if (r < 0)
                  return r;
@@ -927,8 +931,11 @@ int user_record_set_pkcs11_protected_authentication_path_permitted(UserRecord *h
  
          if (json_variant_is_blank_object(w))
                  r = json_variant_filter(&h->json, STRV_MAKE("secret"));
-        else
+        else {
+                json_variant_sensitive(w);
+
                  r = json_variant_set_field(&h->json, "secret", w);
+        }
          if (r < 0)
                  return r;
author	Lennart Poettering <lennart@poettering.net>
	Wed, 29 Apr 2020 14:25:52 +0000 (16:25 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 29 Apr 2020 14:32:46 +0000 (16:32 +0200)